1+ name : Claude Code
2+
3+ on :
4+ issue_comment :
5+ types : [created]
6+ pull_request_review_comment :
7+ types : [created]
8+ issues :
9+ types : [opened, assigned]
10+ pull_request_review :
11+ types : [submitted]
12+
13+ jobs :
14+ claude :
15+ if : |
16+ (github.event_name == 'issue_comment' && contains(github.event.comment.body, '@claude')) ||
17+ (github.event_name == 'pull_request_review_comment' && contains(github.event.comment.body, '@claude')) ||
18+ (github.event_name == 'pull_request_review' && contains(github.event.review.body, '@claude')) ||
19+ (github.event_name == 'issues' && (contains(github.event.issue.body, '@claude') || contains(github.event.issue.title, '@claude')))
20+
21+ runs-on : ubuntu-latest
22+ permissions :
23+ contents : read
24+ pull-requests : read
25+ issues : read
26+ id-token : write
27+ steps :
28+ - name : Check organization membership
29+ id : check_membership
30+ uses : actions/github-script@v7
31+ with :
32+ script : |
33+ let actor;
34+ if (context.eventName === 'issue_comment') {
35+ actor = context.payload.comment.user.login;
36+ } else if (context.eventName === 'pull_request_review_comment') {
37+ actor = context.payload.comment.user.login;
38+ } else if (context.eventName === 'pull_request_review') {
39+ actor = context.payload.review.user.login;
40+ } else if (context.eventName === 'issues') {
41+ actor = context.payload.issue.user.login;
42+ }
43+
44+ console.log(`Checking membership for user: ${actor}`);
45+
46+ try {
47+ const membership = await github.rest.orgs.getMembershipForUser({
48+ org: 'basicmachines-co',
49+ username: actor
50+ });
51+
52+ console.log(`Membership status: ${membership.data.state}`);
53+
54+ // Allow if user is a member (public or private) or admin
55+ const allowed = membership.data.state === 'active' &&
56+ (membership.data.role === 'member' || membership.data.role === 'admin');
57+
58+ core.setOutput('is_member', allowed);
59+
60+ if (!allowed) {
61+ core.notice(`User ${actor} is not a member of basicmachines-co organization`);
62+ }
63+ } catch (error) {
64+ console.log(`Error checking membership: ${error.message}`);
65+ core.setOutput('is_member', false);
66+ core.notice(`User ${actor} is not a member of basicmachines-co organization`);
67+ }
68+
69+ - name : Checkout repository
70+ if : steps.check_membership.outputs.is_member == 'true'
71+ uses : actions/checkout@v4
72+ with :
73+ fetch-depth : 1
74+
75+ - name : Run Claude Code
76+ if : steps.check_membership.outputs.is_member == 'true'
77+ id : claude
78+ uses : anthropics/claude-code-action@beta
79+ with :
80+ anthropic_api_key : ${{ secrets.ANTHROPIC_API_KEY }}
81+ allowed_tools : Bash(uv run pytest),Bash(uv run ruff check . --fix),Bash(uv run ruff format .),Bash(uv run pyright),Bash(make test),Bash(make lint),Bash(make format),Bash(make type-check),Bash(make check),Read,Write,Edit,MultiEdit,Glob,Grep,LS
0 commit comments